From f1f3d4c6e724c2f4c1056dd43460766f7c483965 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 14 May 2015 10:41:07 -0400 Subject: update re passwordauth @ --- doc/todo/emailauth.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn index aac2c988e..88096bee1 100644 --- a/doc/todo/emailauth.mdwn +++ b/doc/todo/emailauth.mdwn @@ -62,7 +62,7 @@ Implementation notes: Otherwise, someone could use passwordauth to register as a username that looks like an email address, which would be confusing to possibly a security hole. Probably best to keep passwordauth and emailauth accounts - entirely distinct. + entirely distinct. Update: passwordauth never allowed `@` in usernames. * Currently, subscription to comments w/o registering is handled by passwordauth, by creating a passwordless account (making up a username, not using the email address as the username thankfully). That account can be -- cgit v1.2.3